Privacy groups fight to expose secret cyber ruling

Civil liberties advocates are trying to bring to light a secret legal document that could upend the congressional fight over cybersecurity.

For years, the Obama administration has repeatedly declined to reveal a 2003 decision from the Justice Department’s Office of Legal Counsel (OLC), claiming that it no longer relies on the opinion.

But the continued secrecy has digital privacy experts worried the decision addresses the government's right to access data and could give license to warrantless surveillance.

ADVERTISEMENT

The topic has become especially pertinent as lawmakers clash over online snooping and a controversial cybersecurity bill heads to the president’s desk.

This week, the American Civil Liberties Union (ACLU) decided to go to the courts, to force a fight on the issue.

“At the time, the OLC was writing opinions that articulated a very broad executive power,” said ACLU attorney Eliza Sweren-Becker. “So without knowing more about the opinion itself, it’s possible that this particular OLC opinion also takes that kind of expansive approach to executive power.”

The ACLU brought suit after an effort to obtain the opinion earlier this year through a Freedom of Information Act (FOIA) request was rebuffed.

The opinion touches on "commercial service agreements," presumably between telecom and tech companies and their consumers. But what that exactly covers is murky and has privacy advocates alarmed.

“The issue remains obscure,” Steven Aftergood, the head of the Federation of American Scientists’ project on government secrecy, said in an email.

The memo “presumably relates somehow to the scope and manner of government access to privately held communications data,” he added. “But it’s unclear exactly what is at stake. And in a way, that lack of clarity is the problem.”

The legal opinion could be more important than ever now, privacy advocates say, as Congress enters the final chapter of a years-long effort to pass cybersecurity legislation.

Proponents — including a broad bipartisan swath of lawmakers, the White House and many industry groups — say the legislation will help companies and the government swap more data on hacking threats, helping improve the nation’s cyber defenses.

“I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the executive branch,” he said in a written dissent to the Senate’s version of the legislation, called the Cybersecurity Information Sharing Act (CISA), after casting the lone vote against the bill in the Senate Intelligence Committee.

His concern has only raised the fears of privacy advocates.

“One fear is that the interpretation posed by this opinion will enable companies to share all sorts of sensitive information, more so than what the bill may indicate on its face,” said Sweren-Becker.

That sensitive information could include social media activity, Internet browsing history, financial records and airline travel records, she warned.

CISA and two related bills in the House have passed through their respective chambers. The two sides are hoping to conference the three offerings and get one unified measure to the president’s desk in the coming months.

Multiple anti-secrecy advocates could only guess at the contents of the 2003 memo, since it has never been made public.

But Wyden has proven his privacy bona fides, after previously hinting at the National Security Agency’s (NSA) broad collection of Americans' data, in the months before Edward Snowden’s leaks. After that much-discussed episode, Director of National Intelligence James Clapper, was accused of lying to Congress under oath forsaying the country did “not wittingly” collect information on Americans.

“I certainly trust Senator Wyden’s judgment that the secret OLC memo is crucial to the debate over cybersecurity legislation,” Katherine Hawkins, a former national security fellow at the transparency coalition Open the Government, said earlier this year. “But it’s impossible to know what, specifically, the memo is about, let alone what it says.”

The memo was written during the same era that the Bush administration was writing other legal opinions supporting warrantless wiretapping, the detention facility at Guantanamo Bay and the CIA’s use of so-called “enhanced interrogations” that are commonly referred to as torture, the ACLU noted.

“Particularly around this time, officials tended to throw privacy rights by the wayside,” Sweren-Becker said. “To the extent that mentality is reflected in this opinion, that’s something we would be concerned about.”

Marcy Wheeler, an independent journalist who recently became a fellow at the tech policy think tank X-Lab, has speculated that the memo allows major telecommunications companies such as Verizon and Comcast to give data about their users’ behavior to the government in a way “that a plain reading of the law seemingly wouldn’t permit them to do.”

The decision has long been a sticking point for Wyden, a Capitol Hill ally of the digital rights community. He wrote his first letter to the DOJ in 2010 and has repeatedly alerted his colleagues to the issue in the years since.